Thursday, February 5, 2015

Library of Malware Traffic Patterns

Update February 2015: use the new link below for the new interface and updates.

Traffic analysis has been the primary method of malware identification, and the thousands of IDS signatures developed are daily proof of it. Signatures definitely help, but the ability to visually recognize malware traffic patterns has always been an important skill for anyone tasked with network defense. The number of malware analysis blogs and papers is overwhelming, and it is difficult to keep track of malware features if you don't have access to a well-designed and constantly updated malware database. This started as a "personal notes" spreadsheet of GET and POST requests for different malware families, compiled from open sources. We decided others might find it useful too.

Click on the column headers to see recent entries. Use the other column headers to sort as needed. Wait a few seconds for the table to load from the Google Sheet. The URI and User-Agent fields may contain spaces inserted for easier cell wrapping; remove them if you export the data.
Yes, you can download the samples mentioned in the spreadsheet. See the "dl" column in the full spreadsheet table and the corresponding links to the download location. Use the "Contagio" password scheme (email Mila or admin at deependresearch.org).

Image credit: Jay Walker Library. Src. Vancouversun

id=[bot_id]&bid=[base64_encoded_build_id]&dv=[x]&mv=[y]&dpv=[z]
id=[bot_id_sha1]&bid=[base64_encoded_build_id]&nm=[x]&cn=[y]&num=[z]
The only major difference is that the id field contains just the hash instead of the actual string.
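As an added example (not part of the post, the spreadsheet, or the comment above), the following Python turns URI templates written in the bracketed-placeholder style quoted above into anchored regular expressions, matches constructed request query strings against them, and lists which query keys differ between two templates. It also strips the wrapping spaces the post says to remove on export. The placeholder-to-pattern mapping (a 40-hex-digit value for `bot_id_sha1`, a base64 alphabet for `base64_encoded_build_id`) and the sample queries are assumptions made for this demonstration.

```python
"""Match HTTP request query strings against spreadsheet-style URI templates.

Added example: the two templates are the ones quoted in the comment above;
the placeholder-to-pattern mapping and the sample queries are constructed
for this demonstration and do not come from the spreadsheet.
"""
import re
from urllib.parse import parse_qsl

# Known placeholder names and the value shape they stand for (assumed here).
# Any other placeholder matches one run of characters up to the next '&'.
PLACEHOLDER_PATTERNS = {
    "bot_id_sha1": r"[0-9a-fA-F]{40}",
    "base64_encoded_build_id": r"[A-Za-z0-9+/]+={0,2}",
}
DEFAULT_VALUE_PATTERN = r"[^&\s]+"
PLACEHOLDER_RE = re.compile(r"\[([A-Za-z_][A-Za-z0-9_]*)\]")

# Templates as they appear in the comment above.
TEMPLATES = {
    "variant_a": "id=[bot_id]&bid=[base64_encoded_build_id]&dv=[x]&mv=[y]&dpv=[z]",
    "variant_b": "id=[bot_id_sha1]&bid=[base64_encoded_build_id]&nm=[x]&cn=[y]&num=[z]",
}

# Constructed request query strings (not real traffic).
SAMPLE_QUERIES = [
    "id=" + "a" * 40 + "&bid=YnVpbGQx&nm=host1&cn=US&num=3",  # variant_b shape
    "id=bot-1234&bid=YnVpbGQx&dv=1&mv=2&dpv=3",             # variant_a shape
    "q=search+terms&page=2",                                  # unrelated
]


def normalize(field):
    """Drop the spaces the sheet inserts for cell wrapping (the post says to
    remove them when exporting)."""
    return re.sub(r"\s+", "", field)


def template_to_regex(template):
    """Compile a template into an anchored regex with one named group per
    placeholder; a placeholder name that repeats gets a numeric suffix."""
    parts, pos, seen = [], 0, {}
    for m in PLACEHOLDER_RE.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        name = m.group(1)
        seen[name] = seen.get(name, 0) + 1
        group = name if seen[name] == 1 else f"{name}_{seen[name]}"
        value = PLACEHOLDER_PATTERNS.get(name, DEFAULT_VALUE_PATTERN)
        parts.append(f"(?P<{group}>{value})")
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(parts) + "$")


def match_templates(query, templates=TEMPLATES):
    """Return [(label, extracted_fields)] for every template the query fits."""
    hits = []
    for label, template in templates.items():
        m = template_to_regex(normalize(template)).match(query)
        if m:
            hits.append((label, m.groupdict()))
    return hits


def template_diff(a, b):
    """Compare two templates key by key and return the keys whose placeholder
    (or presence) differs, mapped to (value_in_a, value_in_b)."""
    qa = dict(parse_qsl(normalize(a), keep_blank_values=True))
    qb = dict(parse_qsl(normalize(b), keep_blank_values=True))
    return {k: (qa.get(k), qb.get(k))
            for k in sorted(set(qa) | set(qb)) if qa.get(k) != qb.get(k)}


if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(q, "->", match_templates(q) or "no match")
    print("keys differing between variants:",
          template_diff(TEMPLATES["variant_a"], TEMPLATES["variant_b"]))
```

Anchoring each regex at both ends keeps a template from matching a longer, unrelated query that merely starts with the same key; the per-key diff shows exactly which parts of two lookalike patterns a detection would have to treat separately.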

Hi there, no, we plan it to be low maintenance - see pattern = add. Need to reference = visit the link. People have enough spam in their mailboxes and there is no easy way for us to deal with the mailings. Some of these are on port 443 and others. We might add a port column, but also see the links with publications - they show and explain much more than the table, which is just a lookup reference. Thank you.

The fact is that Malsubjects will continue to cause havoc in cyberspace using everything they have in their power. It is time that we all realize that we are fighting a cyberwar where in many cases the malsubjects are winning many of these battles. It’s about time we defend ourselves with ALL we’ve got!

You don't need a pass to download the spreadsheet itself - go to File - Save As (might need to use a Gmail acct, not sure), but for the malware and pcap downloads it is the same scheme as on Contagiodump.blogspot.com - please email Mila for the pass scheme (click on the name above in the post and replace (at) with @).

It's a great pleasure that you share the malware pcap files with the public. I have emailed you for the password. Hope you reply soon. Thank you very much. Those pcap files will help me with further study in my APT research.